VDI Secure Access Architecture for Dual User ProfilesThis document sets the secure standards for our Zero Trust VDI solution. The architecture uses Paralles RAS, the hardened RAS, and delivers unified Windows Identity for VDI session via Single Sign-On (SSO). Security measures tailored for two distinct IT and Administrative Users.

1. Initial VDI Session & SSO

Flow Summary[IGEL Endpoint] → [Paralles RAS Context Filters, In-session SAML]

2. Differented Application Access

Endpoint Security (IGEL OS)• Read-Only OS• Secure Boot• Peripheral Control

3. Mandatory Hardheing Directives

Flow SummaryRestie Neale Broader app suite suite OoBA for critical apps

VDI Environment Distinction• Administrative Users: Paralles RAS Security• Kiosk Uses: Restricted session + OoBA for critical apps

VDI Host Integrity• All VDIs: Non-persistent• Kiosk VDIS:• Kiosk VDIS: Severe Restrictions• Administrative VDIS: Network Segmentation, Deep Baselines

4. Operational Standards

• Patch Cycle: schedule
• High Automation components
• Auditing
• Detailed time alerts

test